<?php
//Administration of course administrators
//handle submitted data
switch($submit)
{
case "Update":
echo "<h1>Result - Update Users</h1>";
if ($username!="" && $useridx!="" && $useremail!="")
{
if ($useridx=="0") //new
{
$useridx=md5(uniqid(rand()));
$sql = "insert into admin_users( idx ,name , email, access_co ) values ( '".$useridx."', '".$username."', '".$useremail."', '1' )";
if(mysql_query($sql))
echo "<span class=\"succ\">Success</span> - Account ".$username." added";
else
echo "<span class=\"fail\">Error</span> - Failed to update database";
}
else //edit
{
$sql = "update admin_users set name='".$username."', email='".$useremail."' where idx='".$useridx."' limit 1";
if(mysql_query($sql))
echo "<span class=\"succ\">Success</span> - Account ".$username." updated";
else
echo "<span class=\"fail\">Error</span> - Failed to update database";
}
}
else
{
echo "<span class=\"fail\">Failed</span> - All fields not completed";
}
echo "<hr>";
break;
}
if($pswdset && isset($useridx))
{
$sql = "select name, email from admin_users where idx='".$idx."' or idx='".$useridx."' order by access_ac limit 2";
$result=mysql_query($sql);
$row = mysql_fetch_object($result);
$useremail=$row->email;
$username=$row->name;
if($pswdset=="clear")
$userpsw="";
else
$userpsw=strtr(strtolower(substr($username, 0, 4)).(string)rand(100000,999999)," ","*");
$sql = "update admin_users set psw='".$userpsw."' where idx='".$useridx."' limit 1";
if(mysql_query($sql))
{
echo "<span class=\"succ\">Success</span> - User ".$username.", ".$pswdset." password.";
if($pswdset=="set")
{
//mail
echo " The password has been mailed to ".$useremail;
$row = mysql_fetch_object($result);
$mail_sender=$row->email;
$mail_from=$row->name;
require(PPATH.INCLUDES."mailheader.php");
mail($useremail, BRAND_NAME." Password " ,"Your course administrators password is <b>".$userpsw."</b><br><br><br>** This is an automated message. **",$mailheader);
}
}
else
{
echo "<span class=\"fail\">Error</span> - Failed to ".$pswdset." password";
}
echo "<hr>";
}
echo "<h1>Course Administrators</h1>";
$sql = "select idx, psw, name, email from admin_users where access_co='1' order by name";
$result = mysql_query($sql);
if(mysql_num_rows($result))
{
echo "<table class=\"tabular\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" width=\"98%\">";
echo "<tr><th>Name</th><th>Email</th><th>Accounts</th><th>Students</th><th>Groups</th><th>Active</th><th></th><th colspan=\"3 \">Password</th></tr>";
while($row = mysql_fetch_object($result))
{
echo "<tr>";
echo "<td>".$row->name."</td>";
echo "<td>".$row->email."</td>";
$sql = "select count(*) as cnt_accounts from account_main where admin_idx='".$row->idx."'";
$row2 = mysql_fetch_object(mysql_query($sql));
echo "<td>".$row2->cnt_accounts."</td>";
$sql = "select count(*) as cnt_students from account_main ac, account_students st where ac.admin_idx='".$row->idx."' and ac.idx=st.account_idx";
$row2 = mysql_fetch_object(mysql_query($sql));
echo "<td>".$row2->cnt_students."</td>";
$sql = "select count(*) as cnt_groups from account_main ac, account_groups gr where ac.admin_idx='".$row->idx."' and ac.idx=gr.account_idx";
$row2 = mysql_fetch_object(mysql_query($sql));
echo "<td>".$row2->cnt_groups."</td>";
$sql = "select count(*) as cnt_active from account_main ac, account_groups gr, class_main cl, class_schedule sc where ac.admin_idx='".$row->idx."' and ac.idx=gr.account_idx and gr.idx=cl.group_idx and cl.idx=sc.class_idx and sc.active='1'";
$row2 = mysql_fetch_object(mysql_query($sql));
echo "<td>".$row2->cnt_active."</td>";
echo "<td><a href=\"#edituser\" onClick=\"setuser('".$row->idx."')\">edit</a></td>";
echo "<td>".($row->psw?"YES":"NO")."</td>";
echo "<td><a href=\"javascript:setpassword('".$row->idx."','".strtr($row->name,"'","`")."', 'set')\" >set/reset</a></td>";
echo "<td><a href=\"javascript:setpassword('".$row->idx."','".strtr($row->name,"'","`")."', 'clear')\" >clear</a></td>";
echo "</tr>";
}
echo "</table>";
}
//add/edit user
echo "<h2><a name=\"edituser\">Add/Edit User</a></h2>";
echo "<form name=\"userform\" method=\"post\" action=\"\"><table class=\"tabular\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"50%\"><tr>";
echo "<th>Select</th><th>Name</th><th>Email<th></th></tr><tr>";
echo "<td><select name=\"useridx\" onChange=\"readuser()\"><option value=\"0\">--- New ---</option>";
$sql = "select idx, name from admin_users where access_co='1' order by name";
$result = mysql_query($sql);
while ($row = mysql_fetch_object($result))
echo "<option value=\"".$row->idx."\"> Edit ".$row->name."</option>";
echo "<td><input type=\"text\" name=\"username\" size=25 maxlength=50></td>";
echo "<td><input type=\"text\" name=\"useremail\" size=25 maxlength=50></td>";
echo "<td><input type=\"submit\" name=\"submit\" value=\"Update\" onclick=\"return confirm('Are you sure you want to continue')\" title=\"add\edit user\"></td>";
echo "</tr></table><input type=\"hidden\" name=\"userpsw\" value=\"\"><input type=\"hidden\" name=\"idx\" value=\"".$idx."\"><input type=\"hidden\" name=\"menu\" value=\"".$menu."\"></form>";
//password reset form
echo "<form name=\"passform\" method=\"post\" action=\"\"><input type=\"hidden\" name=\"idx\" value=\"".$idx."\"><input type=\"hidden\" name=\"useridx\" value=\"".$useridx."\"><input type=\"hidden\" name=\"menu\" value=\"".$menu."\"><input type=\"hidden\" name=\"pswdset\" value=\"\"><input type=\"hidden\" name=\"username\" value=\"\"></form>";
?>
<script type="text/javascript" language="javascript">
function readuser()
{
var idx=document.userform.useridx.options[document.userform.useridx.selectedIndex].value;
if (idx==0)
clearuser();
else
setuser(idx);
}
function clearuser()
{
document.userform.username.value="";
document.userform.useremail.value="";
}
function setuser(idx)
{
var name=new Array();
var email=new Array();
<?php
$sql = "select idx, name, email from admin_users where access_co='1' order by name";
$result = mysql_query($sql);
while ($row = mysql_fetch_object($result))
{
echo "name[\"".$row->idx."\"] = \"".$row->name."\";\n";
echo "email[\"".$row->idx."\"] = \"".$row->email."\";\n";
}
?>
document.userform.useridx.value=idx;
document.userform.username.value=name[idx];
document.userform.useremail.value=email[idx];
}
function setpassword(idx,name,action)
{
var message = "Are you sure you want to "+action+" the password for "+name;
if(confirm(message))
{
document.passform.useridx.value=idx;
document.passform.username.value=name;
document.passform.pswdset.value=action;
document.passform.submit();
}
}
</script>